
Sumo Logic’s Survey Finds AI and Automation Driving the Future of Security Systems

Over the past decade, SIEM (Security Information and Event Management) has been a foundational tool in enterprise cybersecurity. Designed to collect logs from across the IT stack, flag anomalies, and support investigations, SIEM systems have long played a critical role in helping security teams detect and respond to threats. But what these tools were built for and what defenders face today are two very different realities.
A new report from Sumo Logic reveals that as security leaders rethink their SIEM strategies in 2025, they are placing greater emphasis on AI capabilities, automation, and cloud-native flexibility. In a survey of more than 500 IT and security professionals, 70% of respondents said that AI now plays a key role in how confident they feel about their current SIEM solution.
Among those actively evaluating new tools, 90% said that AI capabilities are extremely or very important in their decision to adopt a new security platform—whether that’s a next-generation SIEM or an alternative approach.
Companies are rethinking their SIEM strategies because they are facing converging pressures from AI-accelerated attacks, sprawling cloud telemetry that overwhelms analysts, and budget cuts that limit their ability to respond quickly and scale defenses effectively. On one side, attackers are using AI to automate phishing and adapt their tactics faster than defenders can react. On the other, security teams are struggling to keep up with the volume of telemetry pouring in from dispersed systems—all while trying to maintain compliance and reduce response times.
“Security teams today are balancing fast-changing threats, growing data volumes, and rising demands for operational efficiency,” said Chas Clawson, Security CTO at Sumo Logic.
“Our research confirms that even organizations confident in their current solutions’ adaptability are exploring new options, prioritizing AI-powered, cloud-native solutions that unify detection, automation, and context. It marks a shift towards Intelligent Security Operations, where AI enhances visibility and accelerates response, with the ultimate goal of shrinking resolution time to near zero.”
AI already appears to be working. Among those already leveraging AI-enabled playbooks, 34% reported reduced average incident response times. AI helped by pre-filtering noise, enriching alerts with contextual data, and launching remediation steps more quickly. This means that by the time human analysts engage, much of the groundwork is already done.
Many security leaders (84%) are now looking for SIEM tools that come with built-in automation, often called SOAR (Security Orchestration, Automation and Response). This capability helps speed up incident triage and response by handling routine steps automatically. It reduces the burden on analysts and improves resolution times when threats emerge.
Beyond the appeal of new features, many buyers are losing patience with what they already have. In the survey, half of security leaders said their legacy SIEM fails to integrate cleanly with the rest of the stack, and 95% of respondents exploring alternatives pointed to vendor lock-in as one of the biggest roadblocks.
According to the Sumo Logic report, 75% of security leaders who say they’re “very confident” in their current SIEM’s ability to evolve are still actively evaluating alternatives. This shows that not only is current performance important, but companies are also looking ahead to ensure their systems will be ready to handle what comes down the road in terms of both threats and technology shifts.
With the sheer volume of telemetry being generated by cloud environments, security systems are under pressure, and one way they respond is by issuing more notifications. But 70% of respondents say they struggle with alert fatigue and false positives.
To address this, more organizations are adopting AI that goes beyond detection. The Sumo Logic report points to a shift toward assistive systems that help analysts investigate issues by surfacing context and recommending actions. The longer-term goal is even more ambitious: building platforms that can learn from an organization’s environment and adapt responses in real time.
This vision aligns with what Sumo Logic’s Chas Clawson described as the move toward Intelligent Security Operations. Rather than relying on patched legacy tools or expanding teams just to keep up, leading organizations are leaning into automation and AI-guided investigations to close the gap between threat detection and response.
In this model, SIEM is no longer just a place to store logs. It’s becoming a real-time system that cuts through the noise, brings the right signals to the surface, and kicks off the right response when it’s needed most.
While the use of AI agents in security roles seems inevitable, a recent SailPoint report highlights the risks of moving too fast without proper oversight. The study found that many organizations deploying AI agents have already experienced unintended behaviors like unauthorized access and data leakage, often due to limited visibility and weak governance. It’s a sharp reminder that as AI takes on more responsibility, it must also be subject to the same identity controls and accountability as human users.